<?php
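// Password-change handler: checks the logged-in user's old password, then
// stores the new one. Responds with a small script that shows an alert and
// redirects the browser.

// Start (or resume) the session; the current user's id is read from $_SESSION['id'].
session_start();
// Load the database configuration.
include '../public/dbconfig.php';
// Load the shared function library (con() is presumably defined there).
include '../public/functions.php';
// Open the database connection.
$link = con();

// Read the submitted fields. A missing field or a non-string value (for
// example an array sent as oldpass[]=...) is treated as invalid input rather
// than being passed to md5(), which only accepts strings.
$oldpassInput = isset($_POST['oldpass']) ? $_POST['oldpass'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$notpassword = isset($_POST['notpassword']) ? $_POST['notpassword'] : null;

// Without a session id there is no account to change. The original query
// failed in that case and reported a wrong old password; that outcome is kept.
// The id is cast to int because the original query used it unquoted, which
// implies a numeric column (confirm against the schema).
$userId = isset($_SESSION['id']) ? (int) $_SESSION['id'] : null;

// NOTE(security): passwords are stored as unsalted MD5, which is fast to
// brute-force and unsuitable for password storage. The format is kept here
// only because whatever code verifies logins (outside this file) must agree
// with it; migrating to password_hash()/password_verify() has to change both
// sides together.

// Step 1: verify the old password with a prepared statement, so no request or
// session value is ever concatenated into the SQL text.
$oldPasswordMatches = false;
if ($userId !== null && is_string($oldpassInput)) {
	$oldpass = md5($oldpassInput);
	$check = mysqli_prepare($link, 'select password from user where password=? and id=?');
	if ($check) {
		mysqli_stmt_bind_param($check, 'si', $oldpass, $userId);
		if (mysqli_stmt_execute($check)) {
			// Buffer the result so the row count is available.
			mysqli_stmt_store_result($check);
			$oldPasswordMatches = mysqli_stmt_num_rows($check) > 0;
		}
		mysqli_stmt_close($check);
	}
}

if (!$oldPasswordMatches) {
	// Old password is wrong (or the lookup could not be performed).
	$response = '<script>alert("旧密码错误");window.location.href="modifypass.php";</script>';
} elseif (!is_string($password) || !is_string($notpassword) || $password !== $notpassword) {
	// New password and confirmation differ. The comparison is strict: with ==,
	// numeric-looking strings such as "1e3" and "1000" compare equal, so a
	// mistyped confirmation could be accepted.
	$response = '<script>alert("新密码和确认密码不一致");window.location.href="modifypass.php";</script>';
} elseif ($password === '') {
	// Refuse to store an empty password; reported as a generic failure.
	$response = '<script>alert("密码修改失败");window.location.href="modifypass.php";</script>';
} else {
	// Step 2: store the new password hash, again through a prepared statement.
	$pass = md5($password);
	$updated = false;
	$update = mysqli_prepare($link, 'update user set password=? where id=?');
	if ($update) {
		mysqli_stmt_bind_param($update, 'si', $pass, $userId);
		$updated = mysqli_stmt_execute($update);
		mysqli_stmt_close($update);
	}

	if ($updated) {
		// Success: send the user to outlogin.php so they sign in again.
		$response = '<script>alert("密码修改成功,请重新登录");window.location.href="outlogin.php";</script>';
	} else {
		$response = '<script>alert("密码修改失败");window.location.href="modifypass.php";</script>';
	}
}

echo $response;

// Close the database connection.
mysqli_close($link);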